Apple's TouchID fingerprint scanner hacked by Chaos Computer Club

Just 48 hours after getting their hands on the new iPhone 5S, hackers over at Chaos Computer Club in Europe have found a way to bypass Apple's TouchID fingerprint security scanner.

Chaos Computer Club (CCC), Europe's largest association of hackers, has found a way to bypass Apple's biometric security system using a fairly old and classic spy movie trick. Similar to the movie "Get Smart", it's almost directly, quote Maxwell Smart played by Steve Carrell, "The old steam sticks to everything but the oil from the last thumb print trick".

CCC shows that the iPhone 5S' fingerprint scanner can be fooled by using a photo of a fingerprint from a glass surface to trick the device into authenticating the user. Although CCC did not demonstrate this, several videos have surfaced demonstrated the ease at which the biometric security found on Apple's iPhone 5S can be bypassed.

One of the hackers known as Starbug stresses the avoidance of fingerprint security over at CCC which an account can be found below:

In reality, Apple's sensor has just a higher resolution compared to the sensors so far. So we only needed to ramp up the resolution of our fake. As we have said now for more than years, fingerprints should not be used to secure anything. You leave them everywhere, and it is far too easy to make fake fingers out of lifted prints.

Earlier this month, an opinion piece by Bruce Schneier was posted on Wired.com explaining the long history of vulnerabilities including fooling the scanner with a high quality photocopy of the ridges of a finger.

He further notes two critical problems faced by fingerprint authentication. The first is allowing an unauthorized user access the device while the second being denying authorization to an authorized user. While the former has already been demonstrated by CCC and in the attached video, the latter still has yet to become an issue with the iPhone 5S.